[pkg-netfilter-team] Bug#949739: iptables: ufw fails with iptables 1.8.4-2

Peje Nilsson peje66 at gmail.com
Fri Jan 24 11:53:08 GMT 2020


Package: iptables
Version: 1.8.4-2
Severity: important

Dear Maintainer,

   * What led up to the situation?
Upgraded iptables to latest unstable and then restarted ufw.

root:~# iptables --version
iptables v1.8.4 (nf_tables)
root:~# ufw disable
Firewall stopped and disabled on system startup
root:~# ufw enable
ERROR: problem running ufw-init
iptables-restore: COMMIT expected at line 19
ip6tables-restore: COMMIT expected at line 19

Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/user6.rules'

root:~# ping -n 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8184ms

root:~# ufw disable
Firewall stopped and disabled on system startup
root:~# ping -n 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=9.18 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=9.01 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=51 time=9.13 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 9.013/9.105/9.177/0.068 ms

Downgrading to iptables 1.8.3-2 makes things work again:

root:~# iptables --version
iptables v1.8.3 (nf_tables)
root:~# ufw enable
Firewall is active and enabled on system startup
root:~# ping -n 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=9.00 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=9.01 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 8.999/9.002/9.006/0.003 ms


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE=sv:en_GB (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages iptables depends on:
ii  libc6                    2.29-9
ii  libip4tc2                1.8.4-2
ii  libip6tc2                1.8.4-2
ii  libmnl0                  1.0.4-2+b1
ii  libnetfilter-conntrack3  1.0.7-2
ii  libnfnetlink0            1.0.1-3+b1
ii  libnftnl11               1.1.5-1
ii  libxtables12             1.8.4-2
ii  netbase                  6.0

Versions of packages iptables recommends:
ii  nftables  0.9.3-2

Versions of packages iptables suggests:
pn  firewalld  <none>
ii  kmod       26+20191223-1

-- no debconf information


